Access Control Systems: Security, Identity Management and Trust Models

Front Cover
Springer Science & Business Media, Dec 9, 2005 - Computers - 262 pages

Access Control Systems: Security, Identity Management and Trust Models provides a thorough introduction to the foundations of programming systems security, delving into identity management, trust models, and the theory behind access control models. The book details access control mechanisms that are emerging with the latest Internet programming technologies, and explores all models employed and how they work. The latest role-based access control (RBAC) standard is also highlighted.

This unique technical reference is designed for security software developers and other security professionals as a resource for setting scopes of implementations with respect to the formal models of access control systems. The book is also suitable for advanced-level students in security programming and system design.

 

What people are saying - Write a review

We haven't found any reviews in the usual places.

Contents

Foundations of Security and Access Control in Computing
1
Elements of Systems Security
3
Resource Access Control
4
Nonrepudiation
5
Cost of Security
6
Trusted Computing Base
7
Users Principals Subjects and Objects
9
Identification and Authentication
10
Secure Cookies
127
III
128
Chapter 4 MandatoryAccessControl Model
129
Partial Orders
130
Lattices
131
The Lattice Structure of the Information Flow Model
132
Implications oj me LatticcBasea Plow Moacl on Access Control
135
The BellLaPadula Flow Model
137

A Comparison
11
The Prevalent Authentication Method
13
Adding Salt to Password Encoding
14
Password Aging
15
The Security Context
17
Content of a Security Context
18
The Flow of a Security Context
19
Access Control
20
ReferenceMonitor Topology
21
About AccessControl Policies Models and Mechanisms
23
AccessControl Paradigms
26
Delegation and Masquerading
27
Realizing Assurance
28
Overview of Assurance in the Common Criteria
29
Configuration Management
31
Development
32
LifeCycle Support
33
About the Confinement Problem
35
Covert Channels
36
SecurityDesign Principles
37
LeastCommon Mechanism
38
Least Privileges
39
Introduction to IdentityManagement Models
40
Local Identity
41
Advantages of the LocalIdentity Model Simplicity
42
Scalability
43
Single SignOn
44
Network Identity
46
Federation Topologies
49
Local Profiling
50
Global Web Identity
51
Affiliate Networks Virtual Directories
52
Dynamic Scoping of a Security Context
54
Elements of DNS
55
Elements of XNS
59
XNS Identity Types
61
IDs and Names in XNS
62
XNS Resolvers
63
CrossReferencing XNS Identities
64
Forming Trust Relationships in XNS
65
XNS Services
66
Centralized EnterpriseLevel Identity Management
67
Synchronizing Identity Attributes
68
PolicyBased Identity Provisioning
69
Dynamic Definition of Identity Attributes
70
IBM Identity Manager
71
Elements of Trust Paradigms in Computing
73
A ThirdParty Approach to Identity Trust
74
The Implicit ThirdParty Authentication Paradigm
76
Federated Kerberos
79
A Topology of Kerberos Federations
80
Entitlement Attributes in Kerberos
81
Explicit ThirdParty Authentication Paradigm
83
The PublicKey Infrastructure Approach to Trust Establishment
84
Foundations of Public KeyCryptography
85
The Problem of Factoring Large Numbers
86
Computing Discrete Logarithms in a Large Finite Field
87
Elliptic Curves over Finite Fields
88
RSA Signature
89
Foundations of Trust in PKI
90
Identification Links Between a Certificate and a CRL
92
Protecting the CA Signing Key
93
Hierarchical Trust
94
CrossCertification
97
CrossCertification Grid
98
HubBased CrossCertification
99
WebofTrust Model
100
Delegated Impersonation in PKI
102
Elements of the X509 Proxy Certificate
104
Entitlement Management in PKI
106
Attribute Information
107
A Note About AC Attributes
108
Extensions
109
Examples of TrustExchange Mechanisms over the Web
111
WebServices Security
112
Identity and Trust Tokens
115
Unifying Trust and Identity Constructs
116
SAML Constructs
119
I
120
Trust Elements of SAML
121
Other Trust Elements of SAML
122
Web Cookies
123
Client Role
125
Issues with Use of Cookies
126
The Biba Model
138
Comparing Information Flow in BLP and Biba Models
139
Implementation Considerations for the BLP and the Biba Models
141
On the MandatoryAccessControl Paradigm
144
Simple Security
146
DiscretionaryAccess Control and the AccessMatrix Model
147
Implementation Considerations for the Access Matrix
148
AccessControl Lists
149
Definitions from the HRU AccessMatrix Model
150
State Transitions in the HRU AccessMatrix Model
151
IV
152
The Safety Problem of the AccessMatrix Model
153
On the Safety of the MonoOperational Protection System
158
The General Safety Problem of the AccessMatrix Model
159
The Turing Machine
160
Actions of a Turing Machine
161
Sketch of Proof for the Undecidability of the General Safety Problem
163
Mapping the Actions of the Turing Machine onto Protection Commands
164
V
165
VI
166
Conclusion
167
The TakeGrant Protection Model
168
A TakeGrant Model
172
Safety in the TakeGrant Model
173
Determinism of Sharing in the TakeGrant Model
175
VII
176
X
177
The SchematicProtection Model
180
SPM Rules and Operations
182
The Demand Operation
184
The Create Operation
185
Create Rules
186
Attenuating CreateRule of SPM
187
The Basic TakeGrant Model
188
RoleBased Access Control
190
Basic RBAC
192
User Role and Permission Associations
193
RBAC Relationship Reviews
194
Hierarchical RBAC
195
GeneralRole Hierarchies
196
LimitedRole Hierarchies
198
Role Reviews in Hierarchical RBAC
200
Effective and Direct Privileges
201
RoleGraph Modeling of Generalized Role Inheritance
202
RoleGraph Operations
203
XI
204
XII
205
XIII
207
A Comparative Discussion
208
Mapping of a Mandatory Policy to RBAC
209
OSM Mapping of a ConfidentialityMandatory Policy
211
XV
212
OSM Mapping of an IntegrityMandatory Policy
213
The OSM Constraints for Mapping RBAC to a Mandatory Policy
216
Mapping DiscretionaryAccess Control to RBAC
217
The Elements of the OSM DAC to RBAC Mapping
218
XVI
219
XVII
220
XVIII
222
A Note About the OSM DAC to RBAC Mapping
223
RBAC Flow Analysis
224
XIX
225
XX
226
Separation of Duty in RBAC
227
Elements of Role Conflicts in RBAC
229
Conflicting Users
230
Static Separation of Duty
231
The Effect of Role Hierarchy
232
Dynamic Separation of Duty
233
Simple Dynamic Separation of Duty
235
Operational Separation of Duty
237
Dynamic Separation of Duty in a Workflow Activity
238
Role Cardinality Constraints
240
RBAC Consistency Properties
241
XXI
242
The Privileges Perspective of Separation of Duties
243
Functional Specification for RBAC
246
Administrative Functions
247
Supporting System Functions
249
Supporting System Functions
250
Supporting System Functions
251
References
251
Index
256
Copyright

Other editions - View all

Common terms and phrases

Popular passages

Page 251 - Proceedings of the Fourth Aerospace Computer Security Applications Conference, IEEE Computer Society Press, 1988, pp.
Page 253 - National Institute of Standards and Technology. Secure hash standard.
Page 253 - Secure Communications over Insecure Channels." Communications of the ACM, Vol. 21, No. 4. April 1978, pp.